46 matches found
CVE-2026-26366
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials user:user, admin:admin that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitiv...
CVE-2026-26366
The CVE-2026-26366 entry concerns JUNG eNet SMART HOME server versions 2.2.1 and 2.3.1. The available documents state that these builds ship with default credentials (user:user, admin:admin) that remain active after installation, allowing unauthenticated attackers to gain administrative access to...
PT-2026-8250
Name of the Vulnerable Software and Affected Versions: eNet SMART HOME server versions 2.2.1 and 2.3.1. Description: The eNet SMART HOME server is affected by a default credentials issue. The server ships with default credentials 'user:user', 'admin:admin' that remain active after installation and...
PT-2026-8252
Name of the Vulnerable Software and Affected Versions: eNet SMART HOME server versions 2.2.1 and 2.3.1. Description: The software contains a missing authorization flaw in the resetUserPassword JSON-RPC method. An authenticated, low-privileged user UG USER can reset the passwords of any account,...
EUVD-2025-3146
Malicious code in bioql PyPI...
EUVD-2024-43723
Malicious code in bioql PyPI...
CVE-2025-23214
Summary: Cosmos-Server before version 0.17.7 exposes a user-enumeration vulnerability during login, allowing an attacker to determine if a username exists in the database due to error code behavior. This has been addressed in version 0.17.7. Affected software: Cosmos-Server (pre-0.17.7). Root cau...
Matrix Authorization Issue Vulnerability
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. Matrix suffers from an authorization issue vulnerability that stems from allowing a remote participant to trigger the download and caching of remote media from a remote home server to a local media repository...
Element Synapse Security Vulnerability
Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse that stems from the fact that multi-part/form data requests may, under certain configurations, temporarily increase memory consumption beyond expected...
Element Synapse Security Vulnerability
Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse that stems from the inability to properly validate invitations received via federation...
Element Synapse Security Vulnerability
Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse versions prior to 1.106 that stems from allowing an unauthenticated remote participant to trigger a remote media download and cache it to a local media...
VaeMendis Ubooquity Cross-Site Request Forgery Vulnerability
VaeMendis Ubooquity is a free, lightweight and easy-to-use home server from VaeMendis. A cross-site request forgery vulnerability exists in VaeMendis Ubooquity version 2.1.2, which stems from the inclusion of a cross-site request forgery issue...
CVE-2024-49379
Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed...
CVE-2024-49379 Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in Umbrel
Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed...
CVE-2023-49091 Jwttoken in Cosmos server never expires after password changed and logging out
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an...
Matrix Resource Management Error Vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. Matrix Synapse suffers from a security vulnerability that stems from the fact that if both Synapse and a malicious home server join the same room, the malicious home server can trick Synapse into...
Synapse Denial of service due to incorrect application of event authorization rules during state resolution
Impact: If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes se...
CVE-2023-2739
A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. This vulnerability affects unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27" leads to cross site scripting. The attack can be initiated remotely. The...
CVE-2023-23944
Nextcloud Mail app (for Nextcloud server) stored user passwords in cleartext in the database during the OAuth2 setup procedure in versions prior to 2.2.2. An attacker with database access could read these passwords until OAuth setup completes. Remediation: upgrade the Nextcloud Mail app to versio...